Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 does not properly handle ../ (dot dot slash) sequences in the unique parameter, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ..././ (dot dot dot slash dot slash) sequence.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
AtMail Open-Source目录遍历漏洞
Vulnerability Description
AtMail是澳大利亚Atmail公司的一款开源的WebMail客户端,它提供Webmail界面、通信录管理、日历等功能,并支持IMAP、视频邮件等。 AtMail Open-Source 1.05之前版本的@Mail WebMail Client中的compose.php中存在漏洞,该漏洞源于未正确处理unique参数中的../ (点、点、斜杠)序列。远程攻击者可利用该漏洞借助..././(点、点、点、斜杠、点、斜杠)序列进行目录遍历攻击,读取任意文件。
CVSS Information
N/A
Vulnerability Type
N/A